Merge branch 'j-licht-master'

2021-04-04 10:37:45 +02:00 · 2021-04-04 10:37:45 +02:00 · 3f62e4a163
parent 699ec116a4 54e19af8c2
commit 3f62e4a163
2 changed files with 21 additions and 2 deletions
--- a/netflow/v9.py
+++ b/netflow/v9.py
@ -15,7 +15,7 @@ Licensed under MIT License. See LICENSE.
 import ipaddress
 import struct

-__all__ = ["V9DataFlowSet", "V9DataRecord", "V9ExportPacket", "V9Header", "V9TemplateField",
+__all__ = ["V9DataFlowSet", "V9DataRecord", "V9ExportPacket", "V9Header", "V9TemplateField", "V9OptionsTemplateFlowSet"
           "V9TemplateFlowSet", "V9TemplateNotRecognized", "V9TemplateRecord"]

 V9_FIELD_TYPES = {
@ -263,6 +263,17 @@ class V9TemplateRecord:
            ' '.join([V9_FIELD_TYPES[field.field_type] for field in self.fields]))


+class V9OptionsTemplateFlowSet:
+    """An options template flowset. Always uses flowset ID 1.
+    TODO: not handled at the moment, only stub implementation
+    """
+    def __init__(self, data):
+        pack = struct.unpack('!HHH', data[:6])
+        self.flowset_id = pack[0]
+        self.length = pack[1]
+        self.template_id = pack[2]
+
+
 class V9TemplateFlowSet:
    """A template flowset, which holds an id that is used by data flowsets to
    reference back to the template. The template then has fields which hold
@ -340,6 +351,7 @@ class V9ExportPacket:
        skipped_flowsets_offsets = []
        while offset != len(data):
            flowset_id = struct.unpack('!H', data[offset:offset + 2])[0]
+
            if flowset_id == 0:  # TemplateFlowSet always have id 0
                tfs = V9TemplateFlowSet(data[offset:])

@ -353,6 +365,13 @@ class V9ExportPacket:
                # Update the templates with the provided templates, even if they are the same
                self._templates.update(tfs.templates)
                offset += tfs.length
+
+            elif flowset_id == 1:  # Option templates always use ID 1
+                # TODO: Options templates are ignored, to prevent template ID collision
+                # (if a collision can occur is not yet tested)
+                otfs = V9OptionsTemplateFlowSet(data[offset:])
+                offset += otfs.length
+
            else:
                try:
                    dfs = V9DataFlowSet(data[offset:], self._templates)
--- a/setup.py
+++ b/setup.py
@ -7,7 +7,7 @@ with open("README.md", "r") as fh:

 setup(
    name='netflow',
-    version='0.10.4',
+    version='0.10.5',
    description='NetFlow v1, v5, v9 and IPFIX tool suite implemented in Python 3',
    long_description=long_description,
    long_description_content_type='text/markdown',